Stolen NSA Hacking Tools For Sale In Bizarre Auction

The hackers who are auctioning off Cyber-weapons allegedly stolen from the National Security Agency are growing annoyed and want cash.

In what Edward Snowden deems “not unprecedented,” hackers calling themselves the Shadow Brokers have collected NSA-created malware from a staging server run by the Equation Group, an internal hacking team. The Shadow Brokers have now published two chunks of data, one “open” chunk and another encrypted file containing the “best files” that they will sell for at least $1 million. Wikileaks has said they already own the “auction” files and will publish them in “due course.”

The ShadowBrokers' sale of the stolen tools has so far generated little interest, the hackers complained in a message posted online, using broken English.

"TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said. At the outset, their auction only had one substantial bid at 1.5 bitcoins, or $918. Many of the other bids were valued at less than $1. 

The hackers originally dumped a sample of the stolen hacking tools back in mid-August, and independent security experts later found the tools to actually work. The tools include exploits designed to compromise firewall and router products from Cisco, Juniper Networks and Fortinet, and are probably worth a fortune.

The hackers claim they have more Cyber-weapons to sell. However, they've taken the unusual step of offering them up through an open online auction relying on bitcoin.

Although anyone can participate, the hackers haven't said when they'll accept the final bid. The hackers also hoped to receive 1 million bitcoins, or $611 million, in exchange for leaking all they stole for free to the public. The unusual conditions have led some security researchers to suspect the auction is a publicity stunt. But the ShadowBrokers claim in their latest posting that the auction is real, despite "sounding crazy."

"Expert peoples is saying Equation Group Firewall Tool Kit worth $1 million," the group said. "TheShadowBrokers is wanting that $1 million."

They made the auction public to draw in the most bidders and never expected a bid of 1 million bitcoins, they added.  "Anticipate end (to the auction) when reasonable sum raised and bidding stops," the hackers added.

Although the ShadowBrokers are offering no guarantees, they did claim they have many more hacking tools that can target other platforms such as Windows, Linux and mobile devices. The tools up for auction will target one of these platforms and include ways to hack a system remotely and remain a persistent threat, they said. "Value estimated in millions of euros/dollars," the group added. 

It's unclear if the tools are really from the NSA. But the hackers claim to have stolen them from the Equation Group, an elite Cyber-espionage team suspected to work for the US government.

The hackers are hoping that victims and adversaries of the Equation Group will eventually bid on the auction. But the ShadowBrokers appear to be growing impatient. Their posting was also riddled with expletives.  

"TheShadowBrokers is wanting quick end too so be making [expletive] bids," the hackers said. 


TechCrunch:     Computerworld


 

« Overwhelming Cyber Attacks On Healthcare
Dealing With Insider Data Theft »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Assured Data Protection

Assured Data Protection

Assured Data Protection specialises in data protection and disaster recovery services for large SME and enterprise organisations.

Industrial Cyber Security

Industrial Cyber Security

Industrial Cyber Security provides specialist consulting services in enterprise and SCADA system security.

Ovarro

Ovarro

Ovarro is the new name for Servelec Technologies and Primayer. Ovarro's technology is used throughout the world to monitor, control and manage critical and national infrastructure.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Jerusalem Venture Partners (JVP)

Jerusalem Venture Partners (JVP)

JVP’s Center of Excellence in Be’er Sheva aims to identify, nurture and build the next wave of cyber security and big data companies to emerge out of Israel.

Pioneer Search

Pioneer Search

Pioneer Search is a UK based Technology & Change, Electronics Engineering, Cyber Security & Cloud and Data & Analytics Employment Agency.

DDOS-Guard

DDOS-Guard

DDoS-GUARD is one of the leading service providers on the global DDoS protection and content delivery markets.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

Symbol Security

Symbol Security

Through situational learning, simulations, and a gamified user experience, Symbol strengthens the cyber awareness of employees and helps companies lower cyber risk.

Dapple Security

Dapple Security

Dapple Security is creating cutting edge technology utilizing responsible biometrics that protects people and privacy through a first-of-its-kind passwordless platform.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.

Nyx Security Solutions

Nyx Security Solutions

Nyx is committed to excellence in embedded cybersecurity, delivering top-tier secure design, development, and penetration testing services that meet and exceed industry standards.

Inception Cyber

Inception Cyber

Inception Cyber, the inventors of intent-based security, is leading the next generation of threat prevention for an increasingly AI-driven world.